Tags: osint 

## Dark_Web_Dump
> Welcome to challenge 1 in the Track the Hacker Series, a multi-step challenge. You are simulating an attack path as the hacker to take over GlitterCo!
>
> For this challenge, d34th dumped some data onto GhostTown in a thread about Dark Web Dumps. Use this information to track down the person’s username and password that he left out on the public web! This will require a bit of social media and other websites to track these credentials down, think you can hack it?
>
> Submit the flag as flag{username:password} (case sensitive).

## Solution

No link or image is provided in the challenge description, so we should search the [Ghost Town forum](https://ghosttown.deadface.io/) to see if we can find any useful information.

Searching with the key term ‘Dark web’, we can find [this thread](https://ghosttown.deadface.io/t/dark-web-dumps-anyone/101).

There, we can find this post:

![](https://miro.medium.com/v2/resize:fit:828/format:webp/1*rvIN7RVZLBbtU6rV8HpTXQ.png)

It contains a [link to a Google Drive](https://drive.google.com/drive/folders/1tVdSeNgvGCLjhS-nbjhI0-uL3HAtacVY).

One of the PDFs

![](https://miro.medium.com/v2/resize:fit:828/format:webp/1*63RAD8PUkEnwmdHTuxADcQ.png)

contains the username ‘OpticSeltzer69’.

Googling the username, we can find [this person’s Twitter account](https://twitter.com/OpticSeltzer69). There, he links to [his GitHub page](https://github.com/OpticSeltzer).

We can see he has 3 projects, but [this one](https://github.com/OpticSeltzer/BrownGlitter) in particular is of interest as it is about ‘Glitter’, and one of the files in the Google Drive is about Brown Glitter being overproduced:

![](https://miro.medium.com/v2/resize:fit:828/format:webp/1*abaLNMEGVhyhg4trtTZ0jQ.png)

The 3 files in the repo contain no info about usernames or passwords, so let's check previous commits.

![](https://miro.medium.com/v2/resize:fit:828/format:webp/1*gFEfnwaLDt44VlNp1flQUg.png)

We can see he has made 6 commits.

Checking the files one by one, we can find [this commit](https://github.com/OpticSeltzer/BrownGlitter/commit/1ec5979b47b480dac8e9f4e0358872de4f512ba9) which contains a username and password:

![](https://miro.medium.com/v2/resize:fit:828/format:webp/1*wgZBt6GwRDs9uZwWwd2Xsw.png)

Therefore, the flag is **`flag{jakeg:MakeitChocolateRain}`**
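From the repository owner's side, the commit step above shows that removing a credential from the current files does not remove it from history. The following is an added example, not part of the original write-up: it scans `git log -p` output for added lines that look like credentials. The key-name regex, the function names and the sample log are assumptions constructed for illustration.

```python
import re
import subprocess

# Assumed, non-exhaustive key names that usually hold credentials.
SECRET_RE = re.compile(
    r"(?i)\b(pass(?:word|wd)?|pwd|secret|token|api[_-]?key|user(?:name)?)\b\s*[:=]\s*\S+")

def scan_patch_log(log_text):
    """Return (commit, file, line) for each added line that looks like a credential."""
    findings, commit, path = [], None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1][:10]
        elif line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else None
        elif line.startswith("+") and SECRET_RE.search(line[1:]):
            findings.append((commit, path, line[1:].strip()))
    return findings

def scan_repo(repo_dir="."):
    """Scan every commit reachable from any ref of a local clone."""
    cmd = ["git", "-C", repo_dir, "log", "--all", "-p", "--no-color"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return scan_patch_log(out)

# Constructed, abridged `git log -p` output: newest commit removes what the older one added.
SAMPLE_LOG = """\
commit 2222222222cccccccccc0000000000dddddddddd

    remove creds

diff --git a/config.txt b/config.txt
--- a/config.txt
+++ b/config.txt
@@ -1,2 +0,0 @@
-username: exampleuser
-password: Example-Passw0rd
commit 1111111111aaaaaaaaaa0000000000bbbbbbbbbb

    add config

diff --git a/config.txt b/config.txt
--- /dev/null
+++ b/config.txt
@@ -0,0 +1,2 @@
+username: exampleuser
+password: Example-Passw0rd
"""
```

Run `scan_repo()` inside a clone before making it public. Any hit means the credential should be rotated, since rewriting history does not recall copies that were already cloned.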

Thanks for reading!